Security firms taking days to block malware
Can you hold on till Friday?
Anti-malware vendors can take up to 92.48 hours to block malicious sites, potentially leaving clients in blissful ignorance of threats to their systems in the meantime.
Security researchers NSS Labs reviewed a range of endpoint security products from ten big-name security vendors and their response to "socially engineered or consensual malware threats".
It said 15,000 to 50,000 such threats were presenting themselves per day.
Effectiveness rates varied from a 35 per cent block rate to a more comforting 88.3 per cent.
Vendors' average times to respond to new threats ranged from 4.62 hours to 92.48 hours, with the high end turned in by Panda, NSS Labs said. Of the 10 vendors profiled, just three managed response times of less than 30 hours.
The researchers concluded that vendors with "in the cloud reputation systems" kept much more malware off their clients' desktops.
Sadly, most vendors do not have such systems, or, the report concluded, they are still immature and have yet to have an impact on detection rates.
Vendors covered by the survey were: AVG, Norman, ESET, Panda, F-Secure, Sophos, Kaspersky, Symantec, McAfee, and Trend Micro.
More details here. ®
As 3G and heyrick have reported, this report weighs in at a handsome 500 USD per copy. It may be worthwhile considering this little nugget before posting such a story?
Or you could setup a forum where we could collaborate and organise a multi-user pricing discount!
Quite poor reporting really.....unless of course you're on commission.....
So a non story?
Not even headline figures unless you pay £500 per person to view the report.
I think I'll give it a miss, pointless without the detail.
I already see the evidence
I use one of the AVs mentioned (and not one that gets any regular bashing from the folks on here) and am becoming increasingly aware that I receive obviously malicious email which the AV doesn't recognise as such until 5-24 hours after I received the email.
Then again, seeing as my (personal) server receives one spam every 6 minutes on average, 24/7 I probably get to see more malicious stuff sooner than most....
I'd probably see a lot more malicious stuff pass my AV if I didn't already have my own generic filters in force upstream which sends 97% of incoming mail to /dev/null